Network Discovery shines a light on shadow IT

Brendan Patterson's picture

19 Jun 2016 By Brendan Patterson
Categories: Network Security


Last week we posted about the security and network visibility highlights included in the new Fireware 11.11 release. Today we want to take a closer look at one the major updates that we mentioned, Network Discovery. This new service performs a complete network scan to generate a visual map of every connected device, providing Firebox administrators total visibility into all assets on their network. Information Security professionals have long understood that the first step in any vulnerability management program is to discover and identify all of the assets and their role in a network. You cannot secure a network that you do not understand. The term "shadow IT" is used to describe people installing and using their own, non-company-sanctioned applications, equipment, and software in the workplace. Here are just a few examples of security risks that could result from unknown devices:

  • An employee brings in a personal device or laptop that does not have the full corporate anti-virus solutions installed and connects it to a network, introducing malware.
  • Old servers or applications installed without IT authorization may not be patched to current secure levels, exposing vulnerable software.
  • Unauthorized or rogue access points may be providing unwanted wireless connectivity, providing an avenue for hackers to exploit.

The best way to understand the new capability is to look at a sample screenshot:
NetworkDiscovery

Network Discovery allows IT staff to map out the network behind their firewall. It uses information from a nmap scan (link), DHCP fingerprinting, HTTP header information, and the new WatchGuard FireClient app. Assets in the network are identified and represented with an icon with the following information:

  • Host Name
  • IP Address
  • MAC Address
  • Type of device – iOS, Android, MAC, Windows, etc.
  • Open ports – and protocols that may be running

Admins can search and filter all device data to zero in on key areas of interest. One click through to FireWatch or Traffic Monitor will provide a clear visual indication of the type of traffic that is passing through the IP address. Admins can mark devices as “known” and assign descriptive names. New or unfamiliar devices will immediately stand out when they appear without names. One Beta tester said: "Excellent feature and the GUI looks good. Found a couple of computers that should not have been on my network."  Are you confident that you can identify every device on your network? Find out more. Download the new Tech Brief that describes more detail about the service with more screenshots. Network Discovery is available on all Firebox and XTMv models. The service is included in the UTM Security Suite for all new and existing customers. We’ve added the new feature key to all current security suite subscriptions on Firebox T or M Series and XTMv. Synchronize your feature key to get the latest license from our WatchGuard Servers and try out the new service today. This short video explains how to synchronize a feature key.